[#MDEV-21040] InnoDB: fulltext search with ` in(...)` crashed on specific combination

I can repeat the issue in 10.4.3, not in 10.3. The following stacktrace happens when the above select query:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51

#1  0x00007f1d151658db in __GI_abort () at abort.c:100

#2  0x00007f1d1515539a in __assert_fail_base (fmt=0x7f1d152dc7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",

    assertion=assertion@entry=0x55c73cbb8358 "n < rec_offs_n_fields(offsets)",

    file=file@entry=0x55c73cbb8270 "/home/thiru/mariarepo/10.4/10.4-sample/storage/innobase/include/rem0rec.h", line=line@entry=665,

    function=function@entry=0x55c73cbc0ee0 <rec_offs_nth_flag(unsigned long const*, unsigned long, unsigned long)::__PRETTY_FUNCTION__> "ulint rec_offs_nth_flag(const ulint*, ulint, ulint)") at assert.c:92

#3  0x00007f1d15155412 in __GI___assert_fail (assertion=0x55c73cbb8358 "n < rec_offs_n_fields(offsets)",

    file=0x55c73cbb8270 "/home/thiru/mariarepo/10.4/10.4-sample/storage/innobase/include/rem0rec.h", line=665,

    function=0x55c73cbc0ee0 <rec_offs_nth_flag(unsigned long const*, unsigned long, unsigned long)::__PRETTY_FUNCTION__> "ulint rec_offs_nth_flag(const ulint*, ulint, ulint)") at assert.c:101

#4  0x000055c73c2103e8 in rec_offs_nth_flag (offsets=0x7f1d1411cc80, n=3, flag=4611686018427387904)

    at /home/thiru/mariarepo/10.4/10.4-sample/storage/innobase/include/rem0rec.h:665

#5  0x000055c73c21058a in rec_offs_nth_extern (offsets=0x7f1d1411cc80, n=3)

    at /home/thiru/mariarepo/10.4/10.4-sample/storage/innobase/include/rem0rec.h:707

#6  0x000055c73c3a2cc8 in row_sel_store_mysql_field (mysql_rec=0x7f1c94c1a638 "\277\377", prebuilt=0x7f1c94bca298, rec=0x7f1cf556d0b1 "",

    index=0x7f1c94ae2a58, offsets=0x7f1d1411cc80, field_no=3, templ=0x7f1c94073730)

    at /home/thiru/mariarepo/10.4/10.4-sample/storage/innobase/row/row0sel.cc:2908

#7  0x000055c73c3a57c4 in row_search_idx_cond_check (mysql_rec=0x7f1c94c1a638 "\277\377", prebuilt=0x7f1c94bca298, rec=0x7f1cf556d0b1 "",

    offsets=0x7f1d1411cc80) at /home/thiru/mariarepo/10.4/10.4-sample/storage/innobase/row/row0sel.cc:3921

#8  0x000055c73c3a98c5 in row_search_mvcc (buf=0x7f1c94c1a638 "\277\377", mode=PAGE_CUR_GE, prebuilt=0x7f1c94bca298, match_mode=1, direction=0)

    at /home/thiru/mariarepo/10.4/10.4-sample/storage/innobase/row/row0sel.cc:5257

#9  0x000055c73c1ac39b in row_search_for_mysql (buf=0x7f1c94c1a638 "\277\377", mode=PAGE_CUR_GE, prebuilt=0x7f1c94bca298, match_mode=1, direction=0)

    at /home/thiru/mariarepo/10.4/10.4-sample/storage/innobase/include/row0sel.ic:137

#10 0x000055c73c1c1089 in ha_innobase::ft_read (this=0x7f1c9482db88, buf=0x7f1c94c1a638 "\277\377")

    at /home/thiru/mariarepo/10.4/10.4-sample/storage/innobase/handler/ha_innodb.cc:10090

#11 0x000055c73bcaa048 in handler::ha_ft_read (this=0x7f1c9482db88, buf=0x7f1c94c1a638 "\277\377")

    at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_class.h:6563

#12 0x000055c73c1102f7 in FT_SELECT::get_next (this=0x7f1c94d34560) at /home/thiru/mariarepo/10.4/10.4-sample/sql/opt_range.h:1719

#13 0x000055c73bf632f2 in find_all_keys (thd=0x7f1c94000d50, param=0x7f1d1411d970, select=0x7f1c9400ace8, fs_info=0x7f1c949911c0,

    buffpek_pointers=0x7f1d1411db70, tempfile=0x7f1d1411da00, pq=0x0, found_rows=0x7f1c949913a0)

    at /home/thiru/mariarepo/10.4/10.4-sample/sql/filesort.cc:763

#14 0x000055c73bf6186b in filesort (thd=0x7f1c94000d50, table=0x7f1c94d6ada0, filesort=0x7f1c9400b4d8, tracker=0x7f1c9400bb98, join=0x7f1c94c5b128,

    first_table_bit=1) at /home/thiru/mariarepo/10.4/10.4-sample/sql/filesort.cc:262

#15 0x000055c73bc96cf9 in create_sort_index (thd=0x7f1c94000d50, join=0x7f1c94c5b128, tab=0x7f1c940091a8, fsort=0x7f1c9400b4d8)

    at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_select.cc:23407

#16 0x000055c73bc90ff4 in st_join_table::sort_table (this=0x7f1c940091a8) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_select.cc:21167

#17 0x000055c73bc90bc4 in join_init_read_record (tab=0x7f1c940091a8) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_select.cc:21104

#18 0x000055c73bc8e98d in sub_select (join=0x7f1c94c5b128, join_tab=0x7f1c940091a8, end_of_records=false)

    at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_select.cc:20184

---Type <return> to continue, or q <return> to quit---

#19 0x000055c73bc8de7e in do_select (join=0x7f1c94c5b128, procedure=0x0) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_select.cc:19725

#20 0x000055c73bc631d2 in JOIN::exec_inner (this=0x7f1c94c5b128) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_select.cc:4386

#21 0x000055c73bc6230c in JOIN::exec (this=0x7f1c94c5b128) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_select.cc:4168

#22 0x000055c73bc63a23 in mysql_select (thd=0x7f1c94000d50, tables=0x7f1c94014f98, wild_num=0, fields=..., conds=0x7f1c94017b80, og_num=1,

    order=0x7f1c94019158, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f1c940193e0, unit=0x7f1c94004c80,

    select_lex=0x7f1c94013b88) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_select.cc:4600

#23 0x000055c73bc53993 in handle_select (thd=0x7f1c94000d50, lex=0x7f1c94004bb8, result=0x7f1c940193e0, setup_tables_done_option=0)

    at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_select.cc:408

#24 0x000055c73bc1a0a3 in execute_sqlcom_select (thd=0x7f1c94000d50, all_tables=0x7f1c94014f98)

    at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_parse.cc:6357

#25 0x000055c73bc0f780 in mysql_execute_command (thd=0x7f1c94000d50) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_parse.cc:3899

#26 0x000055c73bc1e1a1 in mysql_parse (thd=0x7f1c94000d50,

    rawbuf=0x7f1c94013778 "SELECT search_sites.id, search_sites.start_date, company company, name,x,y, city_name , CAST( ST_Distance(@hereami, a_point) * 111195 as integer) distance FROM search_sites2 search_sites WHERE id in ("..., length=470, parser_state=0x7f1d1411f1a0, is_com_multi=false,

    is_next_command=false) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_parse.cc:7898

#27 0x000055c73bc09387 in dispatch_command (command=COM_QUERY, thd=0x7f1c94000d50, packet=0x7f1c940af021 "", packet_length=470, is_com_multi=false,

    is_next_command=false) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_parse.cc:1841

#28 0x000055c73bc07a13 in do_command (thd=0x7f1c94000d50) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_parse.cc:1359

#29 0x000055c73bd8f6e7 in do_handle_one_connection (connect=0x55c73f2fc8a0) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_connect.cc:1412

#30 0x000055c73bd8f436 in handle_one_connection (arg=0x55c73f2fc8a0) at /home/thiru/mariarepo/10.4/10.4-sample/sql/sql_connect.cc:1316

#31 0x00007f1d160606db in start_thread (arg=0x7f1d14120700) at pthread_create.c:463

#32 0x00007f1d1524688f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

It looks like the regression of ~~MDEV-16188~~. So assigning it to optimizer team.

[MDEV-21040] InnoDB: fulltext search with ` in(...)` crashed on specific combination Created: 2019-11-12 Updated: 2020-04-01 Resolved: 2019-11-27
Status:	Closed
Project:	MariaDB Server
Component/s:	Full-text Search, Storage Engine - InnoDB
Affects Version/s:	10.4.3, 10.4.10
Fix Version/s:	10.4.11

[MDEV-21040] InnoDB: fulltext search with ` in(...)` crashed on specific combination Created: 2019-11-12 Updated: 2020-04-01 Resolved: 2019-11-27